The invention relates to telecommunication networks and more particularly to ensuring the privacy of communications made across telecommunication networks.
Privacy is an important issue for many users of telecommunication equipment. The issue relates to ensuring that only the intended parties in a conversation carried across telecommunication networks are connected to receive the voice information. Privacy is of particular concern in corporate environments where the parties of the telephone calls are using telephones supported by different telecommunication networks and where multifunction telephone systems allow calls to be forwarded, transferred, or conferenced. For example, the privacy of a telephone call can be breached when a caller A at a calling communication terminal of a first telecommunication network believes he/she has contacted a called party B at a target communication terminal of a second telecommunication network, but the call has seamlessly been forwarded or transferred to a party C at a third communication terminal. Because caller A is unaware that he/she has contacted the wrong party, the caller may provide information to party C that is not intended for party C. In another example, caller A, located in a first telecommunication network, may not want certain sensitive information to be heard by other parties within earshot of called party B, located in a second telecommunication network. However, without caller A's knowledge, the called party B may conduct his/her end of the conversation through a hands-free speaker phone which projects the conversation to the surrounding environment, potentially breaching the privacy of the call.
Many of the same privacy concerns related to real-time telephone conversations exist with respect to voice messaging systems that are commonplace in multifunction telephone systems. For example, in most messaging systems a voicemail message intended to be heard only by a particular party may be transferred to unintended parties or may be overheard when the intended party listens to the stored message using a speaker phone. U.S. Pat. No. 5,568,540 to Greco et al. describes a privacy feature which prevents voicemail messages identified as private from being forwarded or copied when the voicemail messages originate from calls that are connected to a specific Private Branch Exchange (PBX) via the public switched telephone network (PSTN). Although the privacy feature works well for its intended purpose, the feature of Greco et al. is limited to preventing a specifically marked voicemail message from being forwarded or copied to anyone but the intended recipient. Greco et al. does not provide any other privacy options, such as protection against a message being overheard during replay via a speaker phone.
In view of the privacy concerns involved with telephone communications across telecommunication networks and in view of the limited privacy controls available in telephone systems, what is needed is a voice communications approach that offers improved privacy functions.
A method and an apparatus for protecting call privacy across telecommunication networks allow a caller at a calling communication terminal of a first telecommunication network to control the privacy of a telephone call to a called party at a target communication terminal of a second telecommunication network, by (1) enabling selection from among a group of privacy options that represent varying degrees of privacy, (2) assigning each of the selected privacy options to the call, and (3) enforcing the selected privacy options using the capabilities within the second telecommunication network, thereby eliminating the need for external enforcement. The privacy options selected for the call limit the ability of a called party to manipulate the call. For example, the privacy options may prevent the called party from forwarding the call, transferring the call, conferencing the call, and/or listening to the call via a hands-free speaker phone. Allowing the caller to control how freely the called party can manipulate an incoming call helps to ensure that the caller's privacy expectations are met. In an additional aspect of the invention, when a caller at the first telecommunication network calls a called party at the second telecommunication network and leaves a voicemail message, selected privacy options (e.g., preventing call transferring, preventing call conferencing, and preventing voice data from being listened to via a hands-free speaker) are transferred to any voicemail message that is generated as a result of the call.
In a first embodiment, the call privacy systems in the first and second telecommunication networks are each embodied in a telephony-over-local area network (LAN), or ToL, communications system that enables real-time voice conversations over packet-based networks. The first ToL communications system and the second ToL communications system are interconnected through gatekeepers via a data network, such as the global communications network commonly referred to as the Internet. Preferably, each ToL system includes communication terminals, a gatekeeper, and a data server. The gatekeeper connected to the LAN provides the computer telephony functionality for the ToL system. The telephony functionality includes managing call control between communication terminals in one telecommunication network with communication terminals in another telecommunication network. In a preferred embodiment, the gatekeeper includes a messaging system with voicemail capability. As an alternative embodiment, the messaging system may be encompassed in other devices. The data server may provide access to traditional database information, such as financial records, manufacturing schedules, and/or customer information.
According to the first embodiment, data and voice information are passed from the communication terminals located in the first telecommunication network to the communication terminals located in the second ToL network system via the two gatekeepers. Within each ToL network system, the communication terminals and gatekeepers are configured to provide extended caller-initiated privacy options.
In a second embodiment, the gatekeepers of two or more ToLs are linked to the PSTN by gateways, so that the ToLs are able to communicate via the PSTN services. The individual ToLs may be identical to the ToLs described with reference to the first embodiment. Each gatekeeper enforces the privacy options within its ToL, but receives enforcement instructions from the other gatekeepers.
In a third embodiment, the first telecommunication network is a packet-based ToL communications system and the second telecommunication network is a circuit-switched network. The caller-initiated privacy options are implemented at the second network in a private branch exchange (PBX) communications system. The ToL network system of the first telecommunication network and the PBX network system are interconnected by gateways and gatekeepers via the PSTN. The ToL network system may be identical to the ToLs described with reference to the first embodiment. The PBX network system includes communication terminals, a gateway, a gatekeeper (PBX), and a data server. Within the ToL network system, the communication terminals and the gatekeeper are configured to provide extended caller-initiated privacy options. Within the PBX network system, the communication terminals and the PBX are configured to provide extended caller-initiated privacy options.
In the first embodiment in which two ToLs are interconnected via a data network, one of the preferred operations of the caller-initiated privacy system is described for a caller A at a calling communication terminal which is supported by the first ToL system. Caller A intends to make a call to a target communication terminal which is supported by the second ToL system. To initiate the call, the caller accesses a call placement screen via the calling communication terminal. The caller then has the option of selecting among any combination of privacy options which are displayed on the call placement screen. Once the caller-initiated privacy options are selected, the call placement application generates and transmits a call set-up protocol message to the gatekeeper of the calling communication terminal, identifying the selected privacy options. After call set-up is complete, the call is initiated. The gatekeeper of the first telecommunication network then determines whether the second telecommunication network utilizes the same network protocol system as the first telecommunication network. If the gatekeeper of the first telecommunication network determines that the second telecommunication network utilizes the same network system, the gatekeeper, using an H.323 signaling command, sends the protocol message to the gatekeeper of the second telecommunication network. The gatekeeper of the second telecommunication network receives the call within the parameters dictated by the selected call privacy options and enforces the selected privacy options.
In the second and third embodiments in which gateways are required in order to provide protocol and addressing compatibility, after the caller-initiated privacy options are selected, the call placement application generates and transmits a call set-up protocol message to the gatekeeper of the ToL network system of the first telecommunication network, identifying the selected privacy options. The gatekeeper of the first telecommunication network then determines whether a conversion or encoding of the message is required. In the third embodiment, because the ToL and the PBX network systems utilize a different protocol scheme, the gatekeeper of the first telecommunication network sends the protocol message to the local gateway. The gateway of the first telecommunication network then translates and converts the information in the protocol message to ensure compatibility with the PBX network system.
Still referring to the third embodiment, after the conversion of the protocol message, the gateway of the first telecommunication network embeds the new privacy protocol message inside an Integrated Services Digital Network (ISDN) user-to-user signaling command, which is transmitted to the gateway of the PBX network system. The gateway of the second telecommunication network receives the new privacy protocol message and relays the protocol message, containing the parameters dictated by the selected call privacy options, to the PBX of the second telecommunication network. The PBX then enforces the selected privacy options.
In each embodiment of the invention, the selected call privacy options of block-call-forwarding, block-call-transferring, and block-call-conferencing are wholly enforced by the gatekeeper or the PBX of the called party's telecommunication network, eliminating the need for external enforcement. The privacy option of blocking speaker phone use is enforced cooperatively between the gatekeeper or PBX located within the called party's telecommunication network and the respective target communication terminal. That is, the target communication terminals may be programmed to request permission from the gatekeeper or PBX of the target communication terminals to activate a speaker phone at the target communication terminal. A request to activate a speaker phone will be denied if the block-speaker phone-use option is active on the particular call. Enforcement of the selected privacy options is transferred to any message, such as a voicemail message, that is generated in response to the call.
Although the privacy option of blocking call forwarding was described in simple terms, the block-call-forwarding feature can be further enhanced. For example, the feature could be enhanced by allowing call forwarding only when permission is given by the caller of the calling communication terminal. Moreover, the gatekeeper or PBX at the second telecommunication network could return a message to the gatekeeper of the first telecommunication network identifying the third party to whom the call was forwarded, and then ask the caller whether the caller would like to continue the call and have the call forwarded to the third party. Furthermore, if the gatekeeper or PBX at the target communication terminal does not support this feature or any privacy option feature, the gatekeeper or PBX will not recognize the privacy protocol message and will not acknowledge the message or will respond that the protocol message is 'unknown.' The calling communication terminal's gatekeeper can then inform the caller that the specific features are not supported by the second telecommunication network system and ask the caller whether the caller would like to connect the call to the target communication terminal.
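The enforcement rules described above can be modelled as a small policy check at the called side. The following is an added example, not code from the patent; the class names, the flag layout, and the "accepted"/"unknown" status strings are assumptions made for illustration, and no H.323 or ISDN message encoding is shown.

```python
from dataclasses import dataclass
from enum import Flag, auto

class Privacy(Flag):
    """Caller-selected options; names and bit layout are assumed."""
    NONE = 0
    BLOCK_FORWARD = auto()
    BLOCK_TRANSFER = auto()
    BLOCK_CONFERENCE = auto()
    BLOCK_SPEAKER = auto()

# Action a called party may request -> option that forbids it.
BLOCKED_BY = {
    "forward": Privacy.BLOCK_FORWARD,
    "transfer": Privacy.BLOCK_TRANSFER,
    "conference": Privacy.BLOCK_CONFERENCE,
    "speaker": Privacy.BLOCK_SPEAKER,
}

@dataclass
class Media:
    """A live call or a voicemail message carrying the caller's options."""
    caller: str
    options: Privacy
    kind: str = "call"

class Gatekeeper:
    """Called-side gatekeeper or PBX (hypothetical model)."""

    def __init__(self, supports_privacy=True):
        self.supports_privacy = supports_privacy

    def setup(self, caller, options):
        # A peer without the feature answers 'unknown'; the calling side
        # must then ask the caller whether to connect anyway.
        if options and not self.supports_privacy:
            return "unknown", None
        return "accepted", Media(caller, options)

    def authorize(self, media, action):
        # Terminals ask permission before acting; deny if the option is set.
        return not (BLOCKED_BY[action] & media.options)

    def to_voicemail(self, call):
        # Options selected for the call carry over to the stored message.
        return Media(call.caller, call.options, kind="voicemail")
```

Because the voicemail object inherits the call's options, the same `authorize` check covers both a live call and later playback of the stored message.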